FTC hits social network Path with record $800k fine

Justice scales and books

The US Federal Trade Commission (FTC) has issued its biggest ever fine to an app builder, accused of accessing customers' private data without permission.

Path, a social networking app that lets mobile device users share photos and instant messages, was ordered to pay $800,000 (509,517) by the FTC after it found the company had misled customers.

According to the commission, the app offered users "no meaningful choice" about the collection of personal data from their phone and would upload the names, email addresses, phone numbers, and Facebook and Twitter usernames to its servers, regardless of whether the customer had given it permission to.

The app offered users no meaningful choice about the collection of personal data

The issue was discovered almost exactly a year before the fine was issued, by action.io developer Arun Thampi.

Dave Morin, co-founder and chief executive of Path defended the move, saying: "We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more."

However, in a blog post, Morin then claimed the company had deleted "the entire collection of user uploaded contact information from [its] servers".

Moreover, the app is also understood to have allowed children under the age of 13 to sign up to the service without parental permission, which is illegal in the US. The FTC said approximately 3,000 children did sign up to Path, which currently has around 6 million users.

Morin defended his company, saying in another blog post: "As you may know, we ask users' their birthdays during the process of creating an account. However, there was a period of time where our system was not automatically rejecting people who indicated that they were under 13.

"Before the FTC reached out to us, we discovered and fixed this sign-up process qualification, and took further action by suspending any under age [sic] accounts that had mistakenly been allowed to be created."

Nevertheless, Jon Leibowitz, in his last day in charge of the FTC, said: "This settlement with Path shows that no matter what new technologies emerge, the agency will continue to safeguard the privacy of Americans."

The agency also warned all app developers and handset makers to improve data security, adding that a "rush to release may result in dangerous security oversights".

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.